[unreadable] Biomedical research is increasingly relying on information gathered at the point of care in addition to traditional clinical trial data collection. The HIPAA privacy rule requires that reasonable safeguards against unwanted disclosure be taken before dissemination of patient data. Quantification of what constitutes "reasonable safeguards" remains elusive, however. Hence, most de-identification strategies used in practice today rely on simple suppression of identifiers such as name, address, and social security number. Several studies, by our group and others, have shown that these simple strategies are insufficient. As demonstrated by Lin et al.[42], there might be data for which disclosure is not possible without compromising privacy. Ultimately, a quantitative analysis must guide the determination of whether safeguards are reasonable or not. In order to address these issues, we propose to continue our investigation on the quantification of trade-offs between data disclosure and privacy protection, taking into account linkable attributes in the data. In this proposal, we seek to continue our research as follows: [unreadable] (1) Theory. Strengthen the theoretical foundations of disclosure control by further investigation of the problem of minimizing information loss while ensuring a predefined level of ambiguity with respect to patient identity, and developing a theory for linking patient data that has been subjected to disclosure control methods. [unreadable] (2) Tools. We will construct a tool that links data being considered for disclosure with data that are kept in a repository. This tool will supply information that aids in (i) evaluating disclosure control measures empirically, and (ii) enabling sensitivity analyses of vulnerability conditioned on both parameters used by the disclosure control mechanism and assumptions regarding adversarial data possession. Information thus obtained can (a) be used to recommend transformations so that the risk of privacy breaches can be decreased to a desired level, and (b) serve as a quantitative basis for the determination of safeguard reasonableness. [unreadable] (3) Evaluation of disclosure control algorithms. We will evaluate algorithms for disclosure control developed by our group and others using the tool described in (2). [unreadable] [unreadable] [unreadable]